Jan 10 2024
Welcome to Gone Phishing, your daily cybersecurity newsletter that doesn’t need a TV show to hold cybercriminals accountable for their actions 👀 #PostOfficeScandal 😲😢😡
Today’s hottest cybersecurity news stories:
🤏 ‘Lumma Stealer’ spread via fake cracked software YT vids 🎥
🦃 Poorly secured MS SQL servers targeted by Turkish hackers 👨💻
🌯 Babuk Tortilla ransomware foiled by newly-obtained decryptor 🎉
🔍 Fortinet FortiGuard Labs recently uncovered a rising threat where cybercriminals are exploiting YouTube to distribute Lumma, an information-stealing malware. 👾 These YouTube videos often focus on cracked software, luring users with installation guides and hidden malicious URLs. Beware of cracked versions of popular software like Vegas Pro!
How does it work? 💡
Users seeking cracked software on YouTube are directed to click a link in the video description, leading to a fake installer on MediaFire. Once downloaded, the ZIP file unleashes a Windows shortcut disguising itself as a setup file. This shortcut triggers the download of a .NET loader from GitHub, loading the Lumma Stealer with anti-virtual machine and anti-debugging checks.
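A defender's triage check for the delivery stage described above, added here as an example and not code from the Fortinet report: it inspects a ZIP archive for Windows shortcut files, including ones whose name or extension pretends to be an installer, using a constructed sample archive (the member names are made up).

```python
import io
import zipfile

# A Windows Shell Link (.lnk) begins with HeaderSize 0x4C followed by the
# ShellLink CLSID 00021401-0000-0000-C000-000000000046 (MS-SHLLINK spec).
LNK_MAGIC = bytes.fromhex("4c000000" "0114020000000000c000000000000046")
# Words a lure uses to make a shortcut look like the promised installer.
LURE_WORDS = ("setup", "install", "crack", "keygen", "patch")

def inspect_archive(zip_bytes):
    """Return (member_name, reason) for every archive member that is a shell
    link, flagging ones dressed up as an installer."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            with zf.open(info) as fh:
                is_lnk = fh.read(len(LNK_MAGIC)) == LNK_MAGIC
            base = info.filename.rsplit("/", 1)[-1].lower()
            if is_lnk and not base.endswith(".lnk"):
                findings.append((info.filename, "shell link header but non-.lnk extension"))
            elif is_lnk or base.endswith(".lnk"):
                # Double extensions like Setup.exe.lnk rely on Explorer hiding ".lnk".
                if any(w in base for w in LURE_WORDS) or base.count(".") > 1:
                    findings.append((info.filename, "shortcut named like an installer"))
                else:
                    findings.append((info.filename, "shortcut file in archive"))
    return findings

def build_archive(members):
    """Build an in-memory ZIP from {name: bytes}; used for constructed samples."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in members.items():
            zf.writestr(name, data)
    return buf.getvalue()

# Constructed sample mirroring the lure: a decoy "installer" that is really a
# shortcut, alongside a harmless text file.
SAMPLE_ZIP = build_archive({
    "Vegas Pro Setup.exe.lnk": LNK_MAGIC + b"\x00" * 60,
    "README.txt": b"Run the setup to install.",
})

if __name__ == "__main__":
    for name, reason in inspect_archive(SAMPLE_ZIP):
        print(f"{name}: {reason}")
```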
Lumma Stealer Capabilities 🔫
This malware, written in C and sold on underground forums since late 2022, can harvest sensitive data and send it to an attacker-controlled server.
Broader Trend 🌐
This tactic follows a pattern where cybercriminals exploit YouTube for malware distribution, as seen in previous attacks delivering stealers, clippers, and crypto miners. Bitdefender also warned of stream-jacking attacks on YouTube, emphasising the need for vigilance.
Stay Safe 🛡️
Be cautious when navigating YouTube for cracked software, and avoid clicking on suspicious links. Keep your software updated, use reputable security software, and stay informed about emerging cyber threats. Together, we can create a safer digital environment! 💻🔒
🌎 Poorly secured Microsoft SQL (MS SQL) servers are under fire in the U.S., European Union, and Latin American (LATAM) regions in an ongoing campaign dubbed RE#TURGENCE. 🎯 Researchers at Securonix warn of a dual threat: the sale of access to compromised hosts, or the delivery of ransomware payloads.
Attack Details 🔫
Turkish-origin actors execute brute-force attacks on MS SQL servers, using xp_cmdshell for shell command execution. A PowerShell script fetches an obfuscated Cobalt Strike beacon payload, leading to the deployment of Mimic ransomware.
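An added detection example (not from the Securonix write-up) that runs over constructed SQL Server ERRORLOG lines: it flags a failed-login burst from one client IP, a subsequent successful login from that same IP, and xp_cmdshell being enabled, which is the sequence described above. The line layout and the "Configuration option ... changed" message text are assumed to match SQL Server's default log format.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed ERRORLOG excerpt (not real telemetry): "timestamp  source  message".
SAMPLE_LOG = """\
2024-01-10 03:12:41.10 Logon       Login failed for user 'sa'. Reason: Password did not match that for the login provided. [CLIENT: 203.0.113.5]
2024-01-10 03:12:41.35 Logon       Login failed for user 'sa'. Reason: Password did not match that for the login provided. [CLIENT: 203.0.113.5]
2024-01-10 03:12:41.60 Logon       Login failed for user 'sa'. Reason: Password did not match that for the login provided. [CLIENT: 203.0.113.5]
2024-01-10 03:12:41.88 Logon       Login failed for user 'sa'. Reason: Password did not match that for the login provided. [CLIENT: 203.0.113.5]
2024-01-10 03:12:42.02 Logon       Login failed for user 'sa'. Reason: Password did not match that for the login provided. [CLIENT: 203.0.113.5]
2024-01-10 03:12:43.50 Logon       Login succeeded for user 'sa'. Connection made using SQL Server authentication. [CLIENT: 203.0.113.5]
2024-01-10 03:12:51.00 spid55      Configuration option 'xp_cmdshell' changed from 0 to 1. Run the RECONFIGURE statement to install.
2024-01-10 09:00:00.00 Logon       Login failed for user 'app_user'. Reason: Password did not match that for the login provided. [CLIENT: 198.51.100.7]
"""

LINE_RE = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d\.\d+)\s+(\S+)\s+(.*)$")
CLIENT_RE = re.compile(r"\[CLIENT: ([^\]]+)\]")

def parse_line(line):
    m = LINE_RE.match(line)
    if not m:
        return None
    return datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S.%f"), m.group(2), m.group(3)

def analyze(log_text, threshold=5, window=timedelta(seconds=60)):
    """Return (alert_type, client, count) tuples for the RE#TURGENCE pattern:
    failed-login burst, a success from that client, then xp_cmdshell enabled."""
    alerts, flagged = [], set()
    failures = defaultdict(deque)  # client IP -> timestamps of recent failures
    for raw in log_text.splitlines():
        parsed = parse_line(raw)
        if parsed is None:
            continue
        ts, _, msg = parsed
        m = CLIENT_RE.search(msg)
        client = m.group(1) if m else None
        if msg.startswith("Login failed") and client:
            q = failures[client]
            q.append(ts)
            while ts - q[0] > window:  # keep only failures inside the window
                q.popleft()
            if len(q) >= threshold and client not in flagged:
                flagged.add(client)
                alerts.append(("bruteforce", client, len(q)))
        elif msg.startswith("Login succeeded") and client in flagged:
            alerts.append(("success_after_bruteforce", client, 0))
        elif "'xp_cmdshell' changed from 0 to 1" in msg:
            alerts.append(("xp_cmdshell_enabled", client, 0))
    return alerts
```

On a real server, feed it the output of xp_readerrorlog or the ERRORLOG file itself; the single failure from 198.51.100.7 in the sample stays below the threshold and produces no alert.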
Post-Exploitation Toolkit 💼
The attackers employ AnyDesk for remote access, downloading tools like Mimikatz for credential harvesting and Advanced Port Scanner for reconnaissance. PsExec facilitates lateral movement.
OPSEC Blunder 🕵️
Securonix uncovered an Operational Security (OPSEC) misstep – monitoring clipboard activity revealed the threat actors' Turkish origins and the alias "atseverse," linked to a Steam profile and a Turkish hacking forum called SpyHack.
Security Advice 🚨
Avoid exposing critical servers directly to the internet. Strengthen your server security to prevent brute-force attacks from external networks.
Stay Informed, Stay Secure! 🔒👥💻
🃏 The Motley Fool: “Fool me once, shame on — shame on you. Fool me — you can't get fooled again.” Good ol’ George Dubya 😂 Let us tell you who’s not fooling around though; that’s the Crüe 👀 at Motley Fool. You’d be a fool (alright, enough already! 🙈) not to check out their Share Tips from time to time so your savings can one day emerge from their cocoon as a beautiful butterfly! 🐛 Kidding aside, if you check out their website they’ve actually got a ton of great content with a wide variety of different investment ideas to suit most budgets 🤑 (LINK)
🚵 Wander: Find your happy place. Cue Happy Gilmore flashback 🏌️⛳🌈🕊️ Mmmm Happy Place… 😇 So, we’ve noticed a lot of you guys are interested in travel. As are we! We stumbled upon this cool company that offers a range of breathtaking spots around the United States and, honestly, the website alone is worth a gander. When all you see about the Land of the Free and the Home of the Brave is news of rioting, looting and school shootings, it’s easy to forget how beautiful some parts of it are. The awe-inspiring locations, along with the innovative architecture of the hotels, set Wander apart from your run-of-the-mill American getaway 🏞️😍 (LINK)
🌊 Digital Ocean: If you build it they will come. Nope, we’re not talking about a baseball field for ghosts ⚾👻🍿 (Great movie, to be fair 🙈). This is Digital Ocean, who’ve got a really cool platform for building and hosting pretty much anything you can think of. If you check out their website you’ll find yourself catching the buzz even if you can’t code (guilty 😑). But if you can and you’re looking for somewhere to test things out, launch something new or simply enhance what you’ve got, we’d recommend checking out their services fo’ sho 😉 And how can you not love their slogan: Dream it. Build it. Grow it. Right on, brother! 🌿 (LINK)
🚨 In a nacho-ordinary victory against cyber threats, experts guac-ed up executable code to decrypt files hit by the notorious Babuk Tortilla ransomware variant! 💪🔓
Taco 'bout a Global Impact 🌐
This ransomware, which kicks like a mule and bites like a crocodile 🐊, gained notoriety in 2021, creating a bona fide salsa of chaos globally. Ten different cyber actors, nacho-average troublemakers, turned up the heat with the Babuk toolkit. Cisco Talos detected the Tortilla campaign in October 2021.
Decryptor Evolution 🐒
The Babuk Tortilla decryptor, born from leaked source code, got a guac-makeover by Avast Threat Labs. It's a necesito for recovering files spiced with Babuk variants.
User-Friendly Recovery 🚀
Avast's Babuk decryptor, as user-friendly as a burrito, lets even non-experts salsa their way to file recovery. Updated versions are ready for download. Hurray!
A Collaborative Triumph 🤝
Dutch Police, guided by Talos intel, apprehended the Babuk Tortilla threat actor. This victory is a tasty reminder of the power of guac-llaboration 😬 between law enforcement and cybersecurity entities.
¡Gracias Amigos! 👨🏽🌾
For those embroiled in the Tortilla ransomware mess, the updated Babuk decryptor is as welcome as an ice cold Corona on a hot summer’s day. FYI, it can be found on NoMoreRansom and Avast decryptors’ pages.
🌐 Together We Stand Against Cybercriminals! ✊🔐💻 Power To The People, Right On! ✌️🎸🙌
Always a pleasure to deliver some guac-tastic news… for once! 🙈 Stay safe, cyber squad! 🛡️🌮
Every few weeks, we carefully select three hot newsletters to show you. Reputation is everything, so any links we share come from personal recommendation or carefully researched businesses at the time of posting. Enjoy!
The GeekAI: A daily 3 min newsletter on what matters in AI; with all the new AI things coming to market, it's good to stay ahead of the curve.
Wealthy Primate: Want to earn over $100k a year in IT or cybersecurity? 20-year veteran 'Wealthy Primate' might be able to help you climb that tree 🐒🌴 with his stick and banana approach 🍌😏
Techspresso: Receive a daily summary of the most important AI and Tech news, selected from 50+ media outlets (The Verge, Wired, TechCrunch, etc.)
Let us know what you think!
So long and thanks for reading all the phish!